Netgate Discussion Forum

    Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32

    11 Posts 3 Posters 1.2k Views
    • ?
      A Former User
      last edited by

      Hello all, I tried a search for this topic, so apologies if this is a duplicate. Installed versions: pfSense 2.4.5 // pfBlockerNG 2.2.5_32 // Browser Firefox 68.8 64 bit

      My wife uses yahoo mail.... I know, please spare me the comments, I have to live with her...
      Anyway she has legitimate documents that are routinely blocked by the DNSBL function in PFblocker.
      I have disabled and re-enabled DNSBL and the problem comes and goes... I have turned off all DNSBL groups and still no joy. I do not have DNSBL groups or Safe search enabled

      This surely is a no brainer for all you gurus out there, I'm just not one of them :-)

      Below is the web link that gets blocked...
      https://dl-mail.ymail.com/ws/download/mailboxes/@.id==(+lots of encrypted data gibberish)

      I have entered .ymail and .yahoo into the whitelist - no joy!

      ANY help where to begin or questions for more info would be greatly appreciated.

      • DaddyGoD
        DaddyGo
        last edited by

        DNSBL is thus a large category in itself.....
        I suggest you watch in the log exactly which list in the DNSBL triggers the block.
        I understand your second sentence.....☺
        Otherwise, are you sure pfBlockerNG is blocking......?
        See these:

        https://morph.zone/modules/newbb_plus/viewtopic.php?topic_id=11826&forum=11
        https://answers.microsoft.com/en-us/ie/forum/all/cannot-download-attachments-from-yahoo-mail-error/6515e6fa-6faa-42ce-951e-39f082fe2f59

        and finally this:

        d3efbc2a-474c-4852-8293-92eeb183ca9e-image.png

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        • ?
          A Former User @DaddyGo
          last edited by

          @DaddyGo

          Thanks for getting back. I'm pretty sure it is something in DNSBL because I can make the problem go away and open the attachment link when DNSBL is turned off.

          I am a real newbie with this but as far as I could see there were no block entries showing this particular site, that is the confusing part. You would think that when you turn off DNSBL and the problem goes away, that the logs would show something after you turn it back on.

          I read the links you sent, but they refer to issues which did not seem to apply to my situation.

          The last item you included might have sparked an idea to try though, so thanks for that. I will send an update if I find an answer.

          • DaddyGoD
            DaddyGo
            last edited by

            It seems to me that this is a more global problem with yah ... and let’s not say its name......

            In case pfBlockerNG blocks, it should be seen in the log. Maybe BBcan177 will have a suggestion about it, he really knows DNSBL, you can even give advice on this issue closely

            Yes it makes sense, if you disable pfBlockerNG and it works to unambiguously block the source, but keep in mind that this is likely to happen because there are problems with it or a possible false positive (hard to believe yah ---) ???

            • NollipfSenseN
              NollipfSense @A Former User
              last edited by

              @n257jy said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:

              I have entered .ymail and .yahoo into the whitelist - no joy!

              Did you reload pfBlockerNG immediately afterwards? Also, you should add: dl-mail.ymail.com and/or ymail.com or yahoo.com ... Do you have this checked and read the note?

              Screen Shot 2020-05-19 at 11.28.26 AM.png

              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

              • ?
                A Former User @NollipfSense
                last edited by

                @NollipfSense

                Thanks - YES TLD box is checked.
                Whitelist has: dl-mail.ymail.com, .ymail.com and .yahoo.com

                Also discovered these lines in the DNSBL log! Below:
                log capture.JPG
                It shows the AntiSocial... feed that is blocking it... but when I search for dl-mail. in the list it is not there!? I am not sure what the + or - at the end mean... There are also several lines below that have a lot of "unknown" in them...

                Any ideas?

                • NollipfSenseN
                  NollipfSense @A Former User
                  last edited by

                  @n257jy The plus symbol (+) means clicking that adds it to whitelist or wildcard whitelist. It seems from your log DNS resolver is having issues with the (di-mail) part of the address. Also, when you add the (ymail.com) be sure a dot is not in front like here (.ymail.com).

                  • ?
                    A Former User
                    last edited by A Former User

                    @NollipfSense said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:

                    ).

                    OK, two things.
                    The + or - I was talking about was the ones at the very end of the log line... ...BD,+ yellow highlighted lines. Understand + sign in feeds list.

                    I thought the . in front of the domain meant any subdomain was whitelisted too, which technically would make the dl-mail.ymail.com entry redundant. If I'm wrong on that please let me know...

                    • NollipfSenseN
                      NollipfSense @A Former User
                      last edited by

                      @n257jy Okay ... I have never seen the (+ or -) in the log before. I would add the entire address (dl-mail.ymail.com) to the whitelist.

                      • ?
                        A Former User
                        last edited by

                        Update:

                        I did a full reset (default install) of pfBlocker. I had changed and clicked soooo many things - I figured a fresh starting point would be a good thing.
                        So then I also cleared out the logs and recreated the issue... log image below.

                        Bingo Boingo there was a line in the log again - and this time I actually found the ymail entry in the feed like the log said I should. I turned off the offending list and voila, all is well.
                        So now I need to decide whether to ditch that list altogether or edit out the offending lines and use it as a custom list...

                        log capture2.JPG

                        Thanks to everyone for asking the questions, because they led me to learning a bit more about pfBlocker and figuring out the issue...

                        cheers!

                        • NollipfSenseN
                          NollipfSense @A Former User
                          last edited by

                          @n257jy I would add to the custom list rather than ditch the feed ... congrats on the self-learning that brought you more confidence as a network administrator.


                          1 Reply Last reply Reply Quote 0
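
The feed lookup that resolved this thread, written out as an added example (not code from any poster or from pfBlockerNG): it checks a blocked hostname against each feed for an exact entry and for any parent-domain entry. The feed names and contents are constructed, and it assumes a listed parent domain also covers its subdomains, in which case a search for `dl-mail.` finds nothing while a `ymail.com` entry still does the blocking.

```python
# Added example: the feeds below are constructed, not copied from a real DNSBL feed.
import re

SAMPLE_FEEDS = {
    "Feed_A": """\
# constructed hosts-style feed
0.0.0.0 tracker.example.net
0.0.0.0 ymail.com
""",
    "Feed_B": """\
! constructed plain-domain feed
ads.example.org
||cdn.example.com^
""",
}

def parse_feed(text):
    """Return the set of domains listed in a hosts-style or plain-domain feed."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()   # drop comments
        if not line or line.startswith("!"):
            continue
        token = line.split()[-1]       # skip a leading 0.0.0.0 / 127.0.0.1 column
        token = token.strip("|^.")     # tolerate ||domain^ adblock-style entries
        if re.fullmatch(r"[a-z0-9_-]+(\.[a-z0-9_-]+)+", token):
            domains.add(token)
    return domains

def candidates(fqdn):
    """Yield the name itself, then each parent domain, stopping before the TLD."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def find_blocking_entries(fqdn, feeds):
    """List (feed, matching entry, 'exact' or 'parent') for every feed covering fqdn."""
    name_norm = fqdn.lower().rstrip(".")
    hits = []
    for feed_name, text in feeds.items():
        listed = parse_feed(text)
        for cand in candidates(name_norm):
            if cand in listed:
                hits.append((feed_name, cand, "exact" if cand == name_norm else "parent"))
    return hits

if __name__ == "__main__":
    for hit in find_blocking_entries("dl-mail.ymail.com", SAMPLE_FEEDS):
        print(hit)
```

A `parent` hit names the entry to whitelist or to edit out of a custom copy of the feed, so the rest of the feed can stay enabled.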
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.